Items Tagged with "vendors"

What are the risks of MSSPs managing the detection and analysis of network activity data for your company? There are some events that, if detected early, may avert lawsuits, data breaches and other embarrassing or career-ending moments for a company...

The implication is that vendors aren’t interested in securing their legacy products. I do know that many ICS vendors supporting the electric industry are frustrated because the utilities may not be required to actually secure these systems to be NERC CIP compliant...

We’re pleased to present responses from an array of security experts including Bill Brenner, Andrew Hay, Jack Daniel and Chris Wysopal. Common themes arose, including the idea of taking AppSec more seriously and committing to a programmatic approach vs. ad hoc manual testing...

At long last the much hyped Palo Alto Networks (PAN) has filed its S-1 in preparation for an IPO. Now that we have some visibility into PAN’s real finances it is time to address some of their claims, and perhaps throw cold water on the exuberance being expressed in some circles...

Not a day goes by without yet another spate of privacy and security issues. Threats to the security, privacy and personal information continue to increase in scope and complexity. To maintain competitive edge, vendors and service providers are scrambling to keep up...

The players mime their passion plays to obtain the almighty dollar and make their daily bread. Grimy hands slither over every inch of the client while pouring soothing words, cooing in their ear about how their solutions will cure ills and make them more virile than the next guy...

Once a patch to a vulnerability is released, the vendor should give as much guidance as possible to its customer base so that they can make an informed decision on how to mitigate — may it be a workaround, such as disabling some functionality, configuring compensating controls...

Either China is the greatest and dumbest adversary we've ever had, or the real dummies are those in infosec who can't be bothered to question the obvious when doing incident response, or who choose to cater to the rising tide of Sinophobia in the U.S. in order to boost their sale...

"Zeus captures a screenshot of a Ceridian payroll services web page when a corporate user whose machine is infected... visits this website. This allows Zeus to steal the user id, password, company number and the icon selected by the user for the image-based authentication system..."

Recently, some researchers have been working on comparing password vault software products and have found some issues. However, many of the vendors are quickly moving to remediate the identified issues, many of which were simply improper use of proprietary cryptography schemes...

The merchant is left to their own devices to know whether any of these mobile payment processing solutions can be trusted. I am fearful that small merchants, who are the marketing target of these solutions, will be put out of business should the device somehow be compromised...

April 05, 2012

Cloud computing services are increasingly important for governments and businesses, and information security is a key pain-point. To help solve this problem ENISA released a guide focusing on continuous security monitoring throughout the life-cycle of a cloud contract...

Smaller organizations need to leverage simple, effective and scalable solutions to achieve success. They simply won’t have the manpower to manage overwhelming alerts, too many log entries or some of the other basic mechanisms of infosec...

Sectors in security are blurring and merging, companies are building out portfolios, and everyone's adding discrete functionality from different categories. Static and dynamic analysis aren't separate revenue streams for some vendors, and it'll just get more muddled...

Cisco, Juniper, Oracle, and Microsoft might have security initiatives and even good sales of security products. But security takes a back seat to functionality too often. Why are there no secure switches? Secure apps for Windows? Or secure databases?

We need to ensure that legislation and regulations for cloud services truly reflect the realities of the cloudy world we live in and do not allow for a shotgun approach to compliance that primarily meets the needs of just one powerful interest group...